Disposal of Disk and Tape Data by Secure Sanitization

Uploaded by calandra-battersby on 2016-03-17

EECS711: Security Management and Audit, Spring 2010. Presenter: Sara Mohseni. Instructor: Dr. Hossein Saiedian. Organization: Introduction, Federal Guidelines for Data Sanitization, Data Sanitization Laws. ID: 259184

Presentation Transcript

Slide1

Disposal of Disk and Tape Data by Secure Sanitization

EECS711: Security Management and Audit

Spring 2010

Presenter: Sara Mohseni

Instructor: Dr. Hossein Saiedian

Slide2

Organization

Introduction

Federal Guidelines for Data Sanitization

Data Sanitization Laws

Data Sanitization through Media Physical Destruction

Data Sanitization through Drive or Tape Degaussing

Data Sanitization through Block Overwrite or SE

Enhanced SE through In-Drive Data Encryption

Conclusions

Slide3

Introduction

US laws require secure data sanitization to eradicate data in disk and tape drives, but not all methods offer the highest level of security.

File deletion erases only file block pointers, the links that let a file system reassemble a file.

File deletion is fastest and facilitates subsequent restoration of files because data remains on disk, but it isn’t secure.

Erasure of both pointers and file data is an example of secure sanitization.

Slide4

Federally approved methods to reliably sanitize data from retired computer hard disk drives and tapes are critical for both security and privacy reasons.

In 2006, the US National Institute of Standards and Technology issued guidelines for media sanitization (NIST 800-88) to address this need.

Data sanitization encompasses all data eradication methods, including block-by-block overwrite; drive internal secure erase (SE); and physical, chemical, thermal, or magnetic destruction.

Slide5

Federal Guidelines for Data Sanitization

NIST 800-88 defines four distinct protocols for user data sanitization:

Disposal

Clearing

Purging

Destroying

Slide6

Disposal means discarding storage media without employing any other sanitization or by deleting user file directories in public operating systems such as Windows or Linux. E.g., OS file deletion.

Clearing includes computer software utilities that overwrite user data blocks. Block overwrite is the most common data sanitization technique.

Clearing is considerably superior to disposal but can result in incomplete sanitization.

Slide7

Clearing might not erase user data blocks reassigned to different disk locations.

DBAN is an example of a popular open source external block-overwrite program (http://sourceforge.net/projects/srm).

The US Defense Security Service today requires that federal agencies using overwrite utilities have an authorized DoD (Department of Defense) laboratory evaluate them for proper functionality.

Slide8

Purging is the next higher sanitization level in NIST 800-88. Approved methods include the in-drive SE (Secure Erase) command and magnetic degaussing of disk drives or tape reels.

SE is faster than external block-overwrite programs such as DBAN because SE overwrites with no host-to-drive data transfer of the write pattern.

The SE write pattern is predefined and originates from inside the drive.

Slide9

Destroying is the highest level of sanitization per NIST 800-88, meaning media physical destruction by disintegration, incineration, pulverizing, shredding, chemical attack, or melting.

Users tend to select the method that provides an acceptable security level in a reasonable time window.

Many users avoid a high-security protocol that requires special software and days to accomplish, making such a protocol less used and thus less practical.

Slide10

Slide11

Slide12

Data Sanitization Laws

Many users are aware of legal-compliance regulations in data privacy laws regarding long-term data retention. But they might not know that those laws also specify requirements for data sanitization.

Strict local, state, and federal legislation protecting consumers, medical patients, investors, and the environment specifies that organizations must be careful when disposing of or repurposing digital equipment.

Slide13

US laws that address data sanitization for storage devices include:

Health Insurance Portability and Accountability Act (HIPAA)

Gramm-Leach-Bliley Act (1999)

California Senate Bill 1386 (2002)

The Sarbanes-Oxley Act (2002)

The Fair and Accurate Credit Transactions Act (2003)

SEC Rule 17a (1997)

Users should meet these legal requirements at the highest standards consistent with their operations.

Slide14

Data Sanitization through Media Physical Destruction

For the highest security, tapes and disks removed from drives should be destroyed.

Disk and tape destruction involves breaking up or shredding media, chemically or thermally destroying media surfaces, or grinding media into microscopic pieces.

Simple disk-bending provides more effective destruction than many realize, because drive read-and-write heads will either crash or fly high to read data, and different heads can’t easily read the media.

Slide15

Physical destruction doesn’t provide absolute certainty against hypothetical exotic forensic data recovery methods if any remaining unerased disk pieces are larger than a record block. (This would be about 1/25 inch or 0.2 mm for 512-byte blocks in most current disk drives.)

As drive linear and track densities increase, the maximum allowable disk fragment size will become even smaller.

Slide16

Data Sanitization through Drive or Tape Degaussing

Degaussers are commercial instruments that bulk-demagnetize disk drives and tape reels.

Degaussers use high-intensity magnetic fields to erase magnetic media in a drive or tape, including record headers and servo bursts – information required for head positioning and data recovery.

Older degaussers might not be able to erase data on higher-data-capacity disk drives, which require higher demagnetization fields (because of their higher disk media coercivity).

Slide17

Older degaussers also were designed for older longitudinal recording drives and might not be able to erase today’s perpendicular recording drives.

Degaussing will remain entirely practical for tape media because tape coercivity is far lower than that of disk media and is expected to remain so for some time.

Slide18

Slide19

Data Sanitization through Block Overwrite or SE

SCSI (Small Computer System Interface) and ATA (Advanced Technology Attachment) interface drive specifications support the SE (Secure Erase) command.

ATA SE writes binary 0s or 1s, conveniently allowing an SE to be verified.

SCSI specifications let users specify the SE pattern and state that the command intent is “to render any previous user data unrecoverable by any analog or digital technique.”

Slide20

Both the ATA and SCSI SE specifications require that a drive overwrite all user areas that have ever been accessible, up to the maximum native drive capacity.

SCSI specifications additionally require erasing all reassigned blocks.

An ATA SE also sanitizes hybrid-drive flash memories.
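Because an ATA SE leaves a single fill value, a host-side read-back can check it, as noted above. The following is an added example, not part of the original slides: it scans a drive image sector by sector and reports any logical block that is not all 0s or all 1s. The 512-byte sector size, the function names and the sample images are assumptions constructed for illustration.

```python
import io

SECTOR = 512  # assumed logical block size


def classify(block):
    """Label one sector as an all-0s fill, an all-1s fill, or leftover data."""
    if block.count(0x00) == len(block):
        return "zeros"
    if block.count(0xFF) == len(block):
        return "ones"
    return "data"


def verify_erase(dev, sector=SECTOR, chunk_sectors=2048):
    """Scan a device or image opened in binary mode.

    Returns (passed, counts, residual): passed is True only when every
    sector holds the same fill value (all 0s or all 1s); residual lists
    the sector numbers (LBAs) that still hold other data.
    """
    counts = {"zeros": 0, "ones": 0, "data": 0}
    residual, lba = [], 0
    while True:
        chunk = dev.read(sector * chunk_sectors)
        if not chunk:
            break
        for off in range(0, len(chunk), sector):
            kind = classify(chunk[off:off + sector])
            counts[kind] += 1
            if kind == "data":
                residual.append(lba)
            lba += 1
    # Exactly one of the two fill values may be present.
    single_fill = (counts["zeros"] == 0) != (counts["ones"] == 0)
    return counts["data"] == 0 and single_fill, counts, residual


def demo():
    """Constructed 8-sector images: one fully erased, one with a leftover sector."""
    clean = io.BytesIO(b"\x00" * SECTOR * 8)
    dirty = bytearray(b"\x00" * SECTOR * 8)
    dirty[5 * SECTOR + 100:5 * SECTOR + 108] = b"PAYROLL!"  # constructed residue
    return verify_erase(clean), verify_erase(io.BytesIO(bytes(dirty)))


if __name__ == "__main__":
    print(demo())
```

A read-back like this only covers the blocks the host can currently address; reassigned blocks are not visible to it, which is why the slides distinguish in-drive SE from external overwrite.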

Slide21

Enhanced SE through In-Drive Encryption

Computer OS data encryption is a common feature but isn’t often used.

Encryption in large enterprise computer systems defeats the operation of many important data management functions, such as incremental backup, continuous data protection, data compression, deduplication, and archiving.

Efforts to defeat these operations cause significant data access speed and cost penalties to enterprise storage.

Slide22

Recently, Seagate and Hitachi introduced 2.5-inch secure disk drives for laptop computers. These drives, called full disk encryption (FDE) or self-encrypting drives, internally encrypt user data before magnetic recording.

FDE drives provide data protection in case a laptop or drive is lost or stolen.

Slide23

They also offer a new and virtually instantaneous way to sanitize data by securely changing their internal encryption key.

FDE drives allow ESE (Enhanced SE) which additionally requires a drive to overwrite all previously written user data, including sectors no longer in use due to reallocation.
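The key-change sanitization described above can be modelled in a few lines. This is an added example, not part of the original slides: a toy self-encrypting drive whose stored sectors become unreadable once its internal key is replaced. The class, its method names and the sample record are hypothetical, and the HMAC-SHA256 keystream is a stand-in for the cipher a real drive uses.

```python
import hashlib
import hmac
import os

SECTOR = 512  # assumed logical block size


class ToySED:
    """Toy model of a self-encrypting drive (constructed for illustration).

    The keystream is HMAC-SHA256 in counter mode, a stand-in for the
    drive's real cipher; do not use it to protect data.
    """

    def __init__(self):
        self._mek = os.urandom(32)  # media encryption key, kept inside the drive
        self.media = {}             # LBA -> ciphertext as recorded on the media

    def _keystream(self, lba):
        out = b""
        for ctr in range(SECTOR // 32):
            msg = lba.to_bytes(8, "big") + ctr.to_bytes(4, "big")
            out += hmac.new(self._mek, msg, hashlib.sha256).digest()
        return out

    def _xor(self, lba, data):
        return bytes(a ^ b for a, b in zip(data, self._keystream(lba)))

    def write(self, lba, plaintext):
        self.media[lba] = self._xor(lba, plaintext.ljust(SECTOR, b"\x00"))

    def read(self, lba):
        return self._xor(lba, self.media[lba])

    def crypto_erase(self):
        # Only the 32-byte key is replaced; the recorded media is untouched.
        self._mek = os.urandom(32)


def demo():
    drive = ToySED()
    record = b"patient 4411: constructed sample record"
    drive.write(7, record)
    before = drive.read(7)    # decrypts correctly with the original key
    stored = drive.media[7]   # what is physically recorded: ciphertext only
    drive.crypto_erase()
    after = drive.read(7)     # same ciphertext, new key: unrelated bytes
    return record, before, stored, after, drive.media[7]


if __name__ == "__main__":
    rec, before, stored, after, _ = demo()
    print(before.startswith(rec), rec in stored, rec in after)
```

The erase time is independent of drive capacity because only the key changes; the old ciphertext stays on the media and is protected only by the key being gone.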

Slide24

Conclusion

To provide the highest confidence in meeting government laws protecting user privacy, use the SE command in computer storage devices, where possible. Otherwise, use block-overwrite utilities on entire drives.

Use secure physical destruction of devices that contain data with the highest security classification level (for example, top secret and above).
